Configure a Supply Chain using the Tanzu CLI
This topic tells you how to construct a SupplyChain configuration.
CautionTanzu Supply Chain is currently in beta and is not intended for production use. It is intended only for evaluation purposes of the next generation Supply Chain. For the current Supply Chain solution, see the Supply Chain Choreographer documentation.
Prerequisites
To prepare:
-
Ensure that the Tanzu CLI, and Tanzu Supply Chain CLI plug-in are installed on your local machine.
-
Ensure that Tanzu Supply Chain packages and Catalog Component packages are installed on the Tanzu Application Platform cluster that you are using to author your supply chain.
If you Install Tanzu Supply Chain with the authoring profile (recommended), these packages are automatically installed.
If you Install Tanzu Supply Chain manually, you must install the packages individually.
SupplyChain configuration
SupplyChains can be configured to supply default and override values for each component. This allows a platform engineer to either pre-populate common default values for a component or override values to always be some value that the developer cannot modify.
Generate SupplyChain with overrides
Platform engineers generate SupplyChains with overrides to allow them to define values that cannot be changed by developers using the Workload (Developer API). By configuring overrides for each component in the SupplyChain, the generated Workload will not contain values that have been overridden.
Overrides consist of:
-
path: The path to the configuration value, formatted as either:- The full path to the field you want to set.
- The path to any structure where all desired child fields must be set.
-
value: A string or YAML structured value.
Overrides use case
As a platform engineer, I want all built images to be accessible only through my organizations QA registry.
-
Generate the SupplyChain by running:
tanzu supplychain generate \ --kind AppBuildV1 \ --description "Supply chain that pulls the source code from git repo, builds it using \ buildpacks and package the output as Carvel package." \ --component "source-git-provider-1.0.0" \ --component "buildpack-build-1.0.0" \ --component "conventions-1.0.0" \ --component "app-config-server-1.0.0" \ --component "carvel-package-1.0.0" \ --component "git-writer-pr-1.0.0" \ --allow-overridesThe Tanzu Supply Chain CLI plug-in creates the required files to deploy your SupplyChain in the current directory:
✓ Successfully fetched all component dependencies Created file supplychains/appbuildv1.yaml ... -
To configure overrides, open
supplychains/appbuildv1.yamlin your editor, and go to the following section:... config: overrides: # Platform Engineer provided registry overrides - path: spec.registry.repository value: "YOUR-REGISTRY-REPO" - path: spec.registry.server value: "YOUR-REGISTRY-SERVER" # Platform Engineer provided build overrides - path: spec.build.builder.kind value: clusterbuilder - path: spec.build.builder.name value: default - path: spec.build.cache.enabled value: false - path: spec.build.cache.image value: "" - path: spec.build.serviceAccountName value: default # Platform Engineer provided carvel package component overrides - path: spec.carvel.caCertData value: "" - path: spec.carvel.iaasAuthEnabled value: false - path: spec.carvel.packageDomain value: "default.tap" - path: spec.carvel.serviceAccountName value: "default" - path: spec.carvel.valuesSecretName value: "" # Platform Engineer provided GitOps repo overrides - path: spec.gitOps.baseBranch value: main - path: spec.gitOps.branch value: main - path: spec.gitOps.subPath value: "YOUR-GITOPS-REPO-SUBPATH" - path: spec.gitOps.url value: "YOUR-GITOPS-REPO-URL" -
Configure overrides using either a full path to the field you want to set or a path to any structure where all desired child fields must be set. For example:
- Full path
-
Example path
spec.registry.repository. As this example does not provide a value forspec.registry.server, it will not be available to modify in theWorkload.config: overrides: - path: spec.registry.repository value: "https://my-registry.url.com" - Path to any key representing a YAML object
-
This example is for the path
spec.registry.config: overrides: - path: spec.registry value: repository: "https://my-registry.url.com"This example is for the path
spec. In this example, there is no value forspec.registry.server, it will not be available to modify in theWorkload.config: overrides: - path: spec value: registry: repository: "https://my-registry.url.com"This example is for the path
specwith empty value. This example results in aWorkloadwithout a spec.config: defaults: - path: spec value: {}
Generate SupplyChain with defaults
Platform engineers generate SupplyChains with defaults to allow them to define default values that can be changed by developers using the Workload (Developer API). By configuring defaults for each component in the SupplyChain, the generated Workload will contain default values.
Defaults consist of:
-
path: path to the configuration value, formatted as either:- The full path to the field you want to set.
- The path to any structure where all desired child fields must be set.
-
value: String or YAML structured value.
Defaults use case
For the defaults use case:
-
Generate the SupplyChain by supplying the
--allow-defaultsflag:tanzu supplychain generate \ --kind AppBuildV1 \ --description "Supply chain that pulls the source code from git repo, builds it using \ buildpacks and package the output as Carvel package." --component "source-git-provider-1.0.0" \ --component "buildpack-build-1.0.0" --component "conventions-1.0.0" \ --component "app-config-server-1.0.0" \ --component "carvel-package-1.0.0" \ --component "git-writer-pr-1.0.0" \ --allow-defaultsThe Tanzu Supply Chain CLI plug-in creates the required files to deploy your SupplyChain in the current directory:
✓ Successfully fetched all component dependencies Created file supplychains/appbuildv1.yaml ... -
To configure defaults, open the
supplychains/appbuildv1.yamlfile in your editor and go to the following section:... config: defaults: # Platform Engineer provided registry defaults - path: spec.registry.repository value: "YOUR-REGISTRY-REPO" - path: spec.registry.server value: "YOUR-REGISTRY-SERVER" # Platform Engineer provided build defaults - path: spec.build.builder.kind value: clusterbuilder - path: spec.build.builder.name value: default - path: spec.build.cache.enabled value: false - path: spec.build.cache.image value: "" - path: spec.build.serviceAccountName value: default # Platform Engineer provided carvel package component defaults - path: spec.carvel.caCertData value: "" - path: spec.carvel.iaasAuthEnabled value: false - path: spec.carvel.packageDomain value: "default.tap" - path: spec.carvel.serviceAccountName value: "default" - path: spec.carvel.valuesSecretName value: "" # Platform Engineer provided GitOps repo defaults - path: spec.gitOps.baseBranch value: main - path: spec.gitOps.branch value: main - path: spec.gitOps.subPath value: "YOUR-GITOPS-REPO-SUBPATH" - path: spec.gitOps.url value: "YOUR-GITOPS-REPO-URL" -
Configure defaults using either a full path to the field you want to set or a path to any structure where all desired child fields must be set.
- Full path
-
This example is for the path
spec.registry.repository.config: defaults: - path: spec.registry.repository value: "https://my-default-registry.url.com" - Path to any key representing a YAML object
-
This example is for the path
spec.registry.config: defaults: - path: spec.registry value: repository: "https://my-default-registry.url.com"This example is for the path
spec.config: defaults: - path: spec value: registry: repository: "https://my-default-registry.url.com"
Reference Guides
